8789 matches found
External Control Of Filename
phenx/php-svg-lib is vulnerable to External Control of Filename. The vulnerability is due to insecure handling of inline CSS font definitions, allowing an attacker to deserialize a PHAR file through the phar:// URL handler. Note that remote code execution is only possible on PHP versions less the...
CVE-2024-25801
SKINsoft S-Museum 7.02.3 allows XSS via the filename of an uploaded file. Unlike in CVE-2024-25802, the attack payload is in the name not the content of a file...
CVE-2024-25801
SKINsoft S-Museum 7.02.3 allows XSS via the filename of an uploaded file. Unlike in CVE-2024-25802, the attack payload is in the name not the content of a file...
GHSA-P28X-4R5H-PH6J Liferay Portal Message Board widget and Liferay DXP vulnerable to stored Cross-site Scripting
Stored cross-site scripting XSS vulnerability in Message Board widget in Liferay Portal 7.2.0 through 7.4.2, and older unsupported versions, and Liferay DXP 7.3 before service pack 3, 7.2 before fix pack 17, and older unsupported versions allows remote authenticated users to inject arbitrary web...
CVE-2024-25152
Stored cross-site scripting XSS vulnerability in Message Board widget in Liferay Portal 7.2.0 through 7.4.2, and older unsupported versions, and Liferay DXP 7.3 before service pack 3, 7.2 before fix pack 17, and older unsupported versions allows remote authenticated users to inject arbitrary web...
CVE-2024-25152
Stored cross-site scripting XSS vulnerability in Message Board widget in Liferay Portal 7.2.0 through 7.4.2, and older unsupported versions, and Liferay DXP 7.3 before service pack 3, 7.2 before fix pack 17, and older unsupported versions allows remote authenticated users to inject arbitrary web...
CVE-2022-48624
A flaw was found in less. The closealtfile function in filename.c omits shellquote calls for LESSCLOSE, a command line to invoke the optional input postprocessor. This issue could lead to an OS command injection vulnerability and arbitrary command execution on the host operating system...
UBUNTU-CVE-2022-48624
closealtfile in filename.c in less before 606 omits shellquote calls for LESSCLOSE...
PT-2024-20764 · Mss · Mss
Name of the Vulnerable Software and Affected Versions: MSS Mission Support System versions prior to 8.3.3 Description: MSS is an open source package designed for planning atmospheric research flights. The issue concerns a method in the index.py file that is vulnerable to path manipulation attacks...
jetty-server: OutOfMemoryError for large multipart without filename read via request.getParameter()
A flaw was found in the jetty-server package. A servlet with multipart support could get an OutOfMemorryError when the client sends a part that has a name but no filename and substantial content. This flaw allows a malicious user to jeopardize the environment by leaving the JVM in an unreliable...
jetty-server: OutOfMemoryError for large multipart without filename read via request.getParameter()
A flaw was found in the jetty-server package. A servlet with multipart support could get an OutOfMemorryError when the client sends a part that has a name but no filename and substantial content. This flaw allows a malicious user to jeopardize the environment by leaving the JVM in an unreliable...
jetty-server: OutOfMemoryError for large multipart without filename read via request.getParameter()
A flaw was found in the jetty-server package. A servlet with multipart support could get an OutOfMemorryError when the client sends a part that has a name but no filename and substantial content. This flaw allows a malicious user to jeopardize the environment by leaving the JVM in an unreliable...
jetty: Improper addition of quotation marks to user inputs in CgiServlet
A flaw was found in Jetty's CGI servlet which permits incorrect command execution in specific circumstances such as requests with certain characters in requested filenames. This issue could allow an attacker to run permitted commands other than the one requested...
jetty-server: OutOfMemoryError for large multipart without filename read via request.getParameter()
A flaw was found in the jetty-server package. A servlet with multipart support could get an OutOfMemorryError when the client sends a part that has a name but no filename and substantial content. This flaw allows a malicious user to jeopardize the environment by leaving the JVM in an unreliable...
CVE-2024-25711
diffoscope before 256 allows directory traversal via an embedded filename in a GPG file. Contents of any file, such as ../.ssh/idrsa, may be disclosed to an attacker. This occurs because the value of the gpg --use-embedded-filenames option is trusted...
Novel-Plus 代码问题漏洞
Novel-Plus is a multi-end PC, WAP reading, fully functional novel CMS system. Novel-Plus com.java2nb.common.controller.FileController: upload processing fieName parameter there is an arbitrary file upload vulnerability, a remote attacker can use the vulnerability to submit a special request, you...
CentOS 8 : thunderbird (CESA-2023:1802)
The remote CentOS Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the CESA-2023:1802 advisory. - OCSP revocation status of recipient certificates was not checked when sending S/Mime encrypted email, and revoked certificates would be accepted...
Directory Traversal
Stimulsoft Dashboard.JS is vulnerable to Directory Traversal. The vulnerability is due to improper fileName validation within the Save function. This issue can be exploited by an attacker to perform directory traversal via fileName parameter, resulting in Arbitrary Code Execution...
PT-2024-20241 · Unknown · Novel-Plus
Name of the Vulnerable Software and Affected Versions: Novel-Plus versions 4.3.0-RC1 and prior Description: An arbitrary file download issue exists, allowing an attacker to download files by passing specially crafted filePath and fileName parameters to the fileDownload function in the...
Cross Site Scripting (XSS)
phpmyfaq/phpmyfaq is vulnerable to Cross Site Scripting XSS. The vulnerability is due to improper filename sanitization within phpMyFAQ\phpmyfaq\admin\attachments.php, allowing an attacker to execute arbitrary JavaScript code in the client side resulting in XSS...